Cyber Bites

By: Edwin Kwan

About this listen

Your weekly dose of cyber security news by Edwin Kwan. Stay sharp in the digital world! "Cyber Bites" delivers cybersecurity insights, industry trends, and personal experiences to keep you informed and protected.

edwinkwan.substack.com
Edwin Kwan
Politics & Government
Episodes
  • Cyber Bites - 19th December 2025
    Dec 18 2025

    * Notepad++ Releases Security Update to Address Traffic Hijacking Vulnerability

    * Google Links Additional Chinese Hacking Groups to Widespread Exploitation of Critical React2Shell Vulnerability

    * Scammers Abuse PayPal Subscriptions to Send Fake Purchase Notification Emails

    * Massive Chrome Extension Caught Harvesting Millions of Users’ AI Chat Conversations

    * Google to Discontinue Its Dark Web Report Security Feature in 2026

    Notepad++ Releases Security Update to Address Traffic Hijacking Vulnerability
    https://notepad-plus-plus.org/news/v889-released/

    The popular text editor Notepad++ has released version 8.8.9 to address a critical security vulnerability affecting its updater, WinGUp. According to security experts, incidents of traffic hijacking have been reported, where the traffic between the updater client and the Notepad++ update infrastructure was being redirected to malicious servers, resulting in the download of compromised executables.

    The vulnerability was found to be a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. Exploiting this weakness, an attacker could intercept the network traffic and prompt the updater to download and execute an unwanted binary instead of the legitimate Notepad++ update. To mitigate this issue, the new release introduces a security enhancement that verifies the signature and certificate of the downloaded installers during the update process, and aborts the update if the verification fails.

    The investigation into the exact method of the traffic hijacking is ongoing, and users will be informed once tangible evidence is established. In the meantime, Notepad++ recommends that users who have previously installed the root certificate should remove it, as the binaries, including the installer, are now digitally signed using a legitimate certificate issued by GlobalSign.

    Google Links Additional Chinese Hacking Groups to Widespread Exploitation of Critical React2Shell Vulnerability
    https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-exploit-react2shell-cve-2025-55182/

    Google’s threat intelligence team has identified five more Chinese cyber-espionage groups joining the ongoing attacks exploiting the critical “React2Shell” remote code execution vulnerability, tracked as CVE-2025-55182. This flaw, which affects the React open-source JavaScript library, allows unauthenticated attackers to execute arbitrary code on React and Next.js applications with a single HTTP request.

    The list of state-linked threat actors now includes UNC6600, UNC6586, UNC6588, UNC6603, and UNC6595, which have been deploying a variety of malware such as the MINOCAT tunneling software, the SNOWLIGHT downloader, the COMPOOD backdoor, and an updated version of the HISONIC backdoor. According to Google, the vulnerability has a significant number of exposed systems due to the widespread use of React Server Components in popular frameworks like Next.js.

    In addition to the Chinese hacking groups, Google’s researchers have also observed Iranian threat actors and financially motivated attackers targeting the React2Shell vulnerability, with some deploying XMRig cryptocurrency mining software on unpatched systems. Internet watchdog groups have tracked over 116,000 vulnerable IP addresses, primarily located in the United States, highlighting the widespread impact of this critical flaw.

    Scammers Abuse PayPal Subscriptions to Send Fake Purchase Notification Emails
    https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/

    Cybersecurity researchers have uncovered a new email scam that abuses PayPal’s “Subscriptions” billing feature to send legitimate-looking PayPal emails containing fake purchase notifications. The emails, which appear to come from the legitimate service[at]paypal.com address, state that the recipient’s “automatic payment is no longer active” and include a customer service URL field that has been modified to display a message about a large, expensive purchase.

    The goal of these scam emails is to trick recipients into believing their account has been used to make an expensive purchase, such as a Sony device, MacBook, or iPhone, and prompt them to call a provided phone number to “cancel or dispute the payment.” This tactic is commonly used to convince victims to engage in bank fraud or install malware on their computers.

    Investigations have revealed that the scammers are able to send these emails directly from PayPal’s servers by exploiting the company’s Subscriptions feature. When a merchant pauses a subscriber’s subscription, PayPal automatically sends a notification email to the subscriber, which the scammers are then modifying to include the fake purchase information. PayPal has stated that they are actively working to mitigate this method and urge customers to be vigilant and contact their customer support directly if they suspect they have been targeted by this ...
    11 mins
  • Cyber Bites - 12th December 2025
    Dec 11 2025

    * Widespread Exploitation of React2Shell Flaw Compromises Dozens of Organisations

    * Gartner Recommends Ban on AI-Powered Browser Extensions Amid Growing Security Risks

    * Cybercriminals Pivot to Points, Taxes, and Fake Retailers in Surge of SMS Phishing Scams

    * Cybercriminals Exploit Google Ads and AI Platforms to Spread macOS Infostealer Malware

    * Thousands of Exposed Secrets on Docker Hub Put Organisations at Serious Risk



    This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
    9 mins
  • Cyber Bites - 5th December 2025
    Dec 4 2025

    * Fake Calendly Invites Hijack Ad Manager Accounts by Spoofing Top Brands

    * Widespread Npm Malware Attack Exposes Thousands of Developer Secrets

    * WA Man Responsible for In-Flight “Evil Twin” WiFi Attacks Sentenced to 7 Years in Prison

    * Thousands of Developer Secrets Exposed in Public GitLab Repositories

    * ASX Outage Caused by Security Software Upgrade, Raising Concerns Over Technological Resilience



    8 mins